Cannot access file mounted with Docker

Using Docker in Fedora 20, I tried to mount a directory. The mount worked correctly but I couldn’t access the file inside the docker container. I got permission denied when trying to read it, or change ownership of it using ‘root’ in the container.

docker run -i -t -v /path/to/volume:/opt rhel:6.5 bin/bash

The permissions show me it’s owned by user and group ID 1000:

#ls -la
drwxrwxr-x. 2 1000 1000 4096 Oct 6 21:46 opt

This is an SELinux permission problem. If you want to grant access to read the file from the Docker container, add this SELinux boolean on the host:

chcon -Rt svirt_sandbox_file_t /path/to/volume

Openshift version 3, what’s coming?

By far the biggest change coming in Openshift is the integration of Docker. Basically the cartridge will be replaced by a Docker container. This is great for application developers, who will have far more control over how they build and package their application for the cloud.

Docker was designed for Openshift. Openshift was already utilising Linux containers to run applications side by side in a multi-tenant way. Docker as introduced a well thought out API, and incremental storage strategy for Linux containers, which make them much easer for developers to use.

So it’s a happy marriage between Openshift and Docker. But how will it work under the covers. A recent presentation by Michal at the Openshift meet up in Brisbane shed some light on that. Keep in mind it’s still early days for Openshift version 3, it’s exciting times ahead. Here’s a preview of what it might look like.


– Securely isolate containers
– quota restrictions
– user namespaces
– SELinux

– Makes containers isolated, and resilient to failure
– use SystemD to track, recover and limit processes
– failure of other containers should not effect other containers

– Make containers portable between hosts
– links, port mappings and environment vars
– easy to share amongst gears, and between hosts

– Make containers audible, constrained, and reliably logged
– leverage SystemD patterns for each of these


– Similar to the current, binary deployment model
– Build source code, and deploy it, followed by a Docker commit

Support Cartridges using Centos

– To avoid licensing issues with using RHEL
eg: Ruby cart:

Stateless cartridges first, not sure about stateful cartridge implementation at this stage.

What this space!

Using Syntastic plugin for Vim

You can use Syntastic to check the syntax of various files including XML. I used it recently by following the installation guide here:

After installing it, copy the XML, and DTD into the same directory and use “:SyntasticCheck” to do a check.

Docker Getting Started Notes

Install docker

I tried sudo docker run -i -t fedora /bin/bash I work for Red Hat :)

  • failed with:
  • Pulling repository fedora
    0d20aec6529d: Error pulling image (rawhide) from fedora, unexpected EOF

  • apparently not a fault tolerant connection
  • was successful with:
  • sudo docker pull fedora

Committing Changes

  • Install a program into the container after running the shell:

    sudo docker run -i -t fedora /bin/bash
    yum -y install nc

  • Once you quit ‘nc’ is no longer installed
  • Persist your container to the local repository using:

    Get container id:

    sudo docker ps

    sudo docker commit fedora-nc

  • list images using

    sudo docker images

Bind a service on a TCP Port

When running a job in docker the following network setup happens:

  • Allocated a network interface
  • Setup an IP for it, with network address translation

If you want to be able to call into the job via the network, you’ll have to publish a port to the host

JOB=$(sudo docker run -d -p 4444 fedora-nc /bin/nc -l 4444)

After that, you’ll need to use the ‘port’ command to see which public port is NATed to the container

PORT=$(sudo docker port $JOB 4444 | awk -F: '{ print $2 }')

Finally if you want to send a message to the container you can do so using the public port

hello world | nc $PORT

Verify the network connection worked

echo "Daemon received: $(sudo docker logs $JOB)"

JBoss AS 7 Admin Config Video Course

Last year a published a series of video for Packt Publishing. Here’s an overview.

We’ll take you on a tour of the most popular Java Enterprise features, starting with Databases, and JMS, and rounding off at logging. Along the way, we’ll dive to into troubleshooting common problems such as Out Of Memory Errors, and Performance.
Where does the reader start – where do they end. How will they get from one place to the other?

We’ll highlight the difference between standalone and domain mode, showing why you would use domain mode, and how it differs from the traditional standalone approach.

We’ll dive into configuring Databases and Message queues, and also show you how to use integrate them into your application when running on JBoss.

We look at common problems that occur in any Java application, and how to troubleshoot them to find the root cause.
We continue our journey with setting up HTTP Request load balancing, and setting up a cluster of highly available JBoss nodes.

We dive into classloading in Jboss AS 7, showing how easy it is to finely manage classloading dependencies for your applications.
We talk about some extra performance features with JBoss AS 7, and cover the newest security features such as the Vault, which you can use to encrypt plain text passwords in configuration files.

We talk about some development features new with JBoss AS 7, such as Arquillian, a test harness for testing CDI, and EJB beans without a full blown startup/shutdown container cycle.
Lastly, we’ll talk in depth about JBoss logging, how to use the logging framework provided by the container, or roll your own logging, in your application.

JBoss AS 7 Configuration, Deployment, and Administration will turn you into a well-rounded JBoss Adminstrator quickly. We focus on the key features of the Application Server that will make a power user quickly and easily. We do this practical hands on examples, and simple explainations of JBoss and Java internals.